Fun

Alex bridge on BNB Smart Chain drained of $4.3M after suspicious upgrade — CertiK

News Feed - 2024-05-15 05:05:19

Christopher Roark3 hours agoAlex bridge on BNB Smart Chain drained of $4.3M after suspicious upgrade — CertiKThe deployer account changed an Alex contract’s implementation address, and multiple tokens were subsequently drained from its bridge.887 Total views9 Total sharesListen to article 0:00NewsOwn this piece of crypto historyCollect this article as NFTJoin us on social networksAccording to a May 14 report from blockchain security platform CertiK, the Alex protocol bridge on the BNB Smart Chain network suffered $4.3 million in suspicious withdrawals just after its contract was suddenly upgraded.


Alex is a Bitcoin layer-2 protocol. According to its official website, it provides decentralized finance applications on Bitcoin. Its bridges are used to transfer assets from other networks, such as BNB Smart Chain and Ethereum, to its own network.


Blockchain data confirms that the Alex deployer account performed five identical upgrades to the “Bridge Endpoint” contract on BNB Smart Chain beginning at 3:56 pm UTC. Approximately $4.3 million worth of Binance-Pegged Bitcoin (BTC), USD Coin (USDC), and Sugar Kingdom Odyssey (SKO) were subsequently removed from the BNB Smart Chain side of the bridge.


Because the upgrade was performed by the protocol’s deployer account, CertiK labeled the event “a possible private key compromise.” Source: CertiK


The upgrade transaction changed the implementation address to one ending in 7058. The new implementation is unverified bytecode, making it unreadable to human beings.


About 48 minutes after these upgrades began, the proxy address for the bridge contract called an unverified function on an address ending in 4848E. This resulted in 16 BTC ($983,000 at current prices), 2.7 million SKO ($75,000) and $3.3 million worth of USDC at 4:44 pm, being moved into the address at 484E.


The attacker may also be attempting to drain funds on other networks. At 5:41 pm, just minutes after the suspicious upgrade on BNB Smart Chain, a similar series of Alex upgrades occurred on Ethereum. In this case, the deployer upgraded the “artist address” to an unverified contract. Immediately afterward, an account ending in 05ed attempted to make two withdrawals from the “team address.” These withdrawals failed, producing a “not owner” error.


The 05ed account had no history before May 10. It created one unverified contract on May 10 and two more on May 14, indicating that it may be under the control of a malicious user.


At the time of publication, the Alex team has not confirmed the exploit or commented on the incident.


The Alex bridge wasn’t the only protocol to face a potential exploit in May. On May 13, decentralized exchange Equalizer announced that it had lost more than 2,000 of its own tokens from an attacker who siphoned them away in small increments over several days. The Gnus.ai hack on May 6 also resulted in $1.27 million worth of losses.


Related:CertiK discovered $5M security flaw in Wormhole bridge on Aptos# Bitcoin# Blockchain# Ethereum# Hackers# Private Keys# Cybersecurity# Hacks# DeFi# Layer2Add reaction

News Feed

Hermi De Ramos12 hours agoAbu Dhabi grants virtual asset firm M2 permission to offer crypto servicesThe M2 platform will launch later in 2023, allowing UAE-based retail and institutional clients to buy, sell and custody
Ezra Reguerra10 hours agoJPEX hikes withdrawal fee to almost $1K after Hong Kong watchdog warningCommunity members shared reports that the crypto exchange’s staff abandoned their booth at Token 2049 in Singapore after
Dogecoin 600% Rally Prediction Still On Track Before End Of 2024 — Analyst
Este artículo también está disponible en español. As 2024 concludes, Dogecoin (DOGE) is attracting numerous investors and analysts who foresee a substantial price fluctua
Dogecoin’s Growth Pattern Hints At Massive June–July Rally After 5-Month Pullback
Reason to trust Strict editorial policy that focuses on accuracy, relevance, and impartiality Created by industry experts and meticulously reviewed The highest standards in reporting and pu
Jesse Coghlan6 hours agoBinance Australia got 12 hours’ notice before it was debanked, exec saysBinance Australia head Ben Rose claimed the exchange got less than a day"s warning from its payments partner before it was
Italy and Albania Bust €15 Million Crypto Investment Scam
Italy and Albania Bust €15 Million Crypto Investment Scam Authorities in Italy and Albania have hit a fraud scheme enticing victims with promises of low-risk investments in crypt
Trudeau Warns Truckers Government Will ‘Respond With Whatever It Takes,’ 2 Freedom Convoy Crypto Fundraisers Reach Goals
Trudeau Warns Truckers Government Will "Respond With Whatever It Takes," 2 Freedom Convoy Crypto Fundraisers Reach Goals The truckers Freedom Convoy in Canada continues even after
Turner Wright5 hours agoUK Treasury plans to exclude derivatives and ‘unbacked’ tokens from regulatory sandbox“Until there is more certainty in these frameworks, we are intending to utilise existing regulatory init
DOJ Launches Network of Over 150 Federal Prosecutors to Combat Criminal Uses of Crypto
DOJ Launches Network of Over 150 Federal Prosecutors to Combat Criminal Uses of Crypto The U.S. Department of Justice (DOJ) has established the nationwide Digital Asset Coordinator
ReadON Completes $2M Seed Round to Build a Decentralized Content Distribution Platform
ReadON Completes $2M Seed Round to Build a Decentralized Content Distribution Platform press release PRESS RELEASE.ReadON ( readon.me), a company that aims to provide users with a b
Rakesh Upadhyay5 hours agoBitcoin struggles to flip $38K to support, while UNI, IMX, VET and ALGO aim to push higherBitcoin is facing resistance at $38,000, but UNI, IMX, VET and ALGO may extend their up-move in the shor
Putin: Still Early but Crypto Can Be Used for Oil Trade Settlements, Store of Value
Putin: Still Early but Crypto Can Be Used for Oil Trade Settlements, Store of Value Accusing the U.S. of undermining the dollar through money printing and sanctions policy, Preside